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The MAILING DATE of this communication appears on the cover sheet with the correspondence address 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of tinne may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timeiy filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply w/ithin the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

I) S Responsive to communication(s) filed on 05 February 2004 . 
2a)\3 This action is FINAL. 2b)13 This action is non-final. 

3) 0 Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 1 1 , 453 O.G. 213. 

Disposition of Claims 

4) S Claim(s) 1-21 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) n Claim(s) is/are allowed. 

6) [3 Claim(s) 1-21 is/are rejected. 
?)□ Claim(s) is/are objected to. 

8) n Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) n The specification is objected to by the Examiner 

10)0 The drawing(s) filed on is/are: a)^ accepted or b)n objected to by the Examiner. 

Applicant may not request that any objection to the drawing{s) be held in abeyance. See 37 CFR 1.85(a). 
Replaceinent drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

I I) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or fomn PTO-1 52. 

Priority under 35 U.S.C. § 119 

12)0 Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (0. 
a)n All b)n Some * 0)0 None of: 

1 .□ Certified copies of the priority documents have been received. 

2.n Certified copies of the priority documents have been received in Application No. . 





3.n Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 



Remarks 

1. In response to communications filed on 05-February-2004, claims 1-21 are presently pending 
in the application. 



2. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 

rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this tide, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 



3. Claims 1-1 1 are rejected under 35 U.S.C. 103(a) as being unpatentable over England (U.S. 
Patent No. 6,330,670) in view of Adams et al (U.S. Patent No. 6,363,485), and further in 
view of Reardon (U.S. Patent No. 6,212,635.) 

As to claim 1, England teaches a method (see Abstract) comprising: 

authenticating a user of a platform during a Basic Input/Output System (BIOS) boot 
process (see column 6, lines 9-23, and see column 7, lines 33-50); and 

decrypt a second BIOS area to recover a second segment of BIOS code (see column 7, 
lines 45-62.) 

England does not teach: 



Claim Rejections - 35 USC §103 
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combining the first keying material with a second keying material internally stored within 
the platform in order to produce a combmation key; and 
using the combination key to decrypt code. 

Adams et al teaches a multi-factor biometric authentication device and method (see 
Abstract), in which he teaches combining the first keying material with a second keying 
material internally stored within the platform in order to produce a combination key (see 
Abstract, and see column 2, lines 34-39, and see column 3, lines 10-17); and 

using the combination key to decrypt code (see column 2, lines 48-62, and see column 5, 
lines 44-54.) 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified England to include using the combination key 
to decrypt code; and using the combination key to decrypt code. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified England by the teaching of Adams et ah because 
combining the first keying material with a second keying material internally stored within the 
platform in order to produce a combination key; and using the combination key to decrypt 
code, would provide more security for user authentications and data access by users. 

England as modified, still does not teach: releasing a first keying material from a token 
communicatively coupled to the platform in response to authenticating the user. 

Reardon teaches a network security system (see Abstract), in which he teaches releasing a 
first keying material fi'om a token communicatively coupled to the platform in response to 
authenticating the user (see column 3, lines 18-67, and see column 8, lines 43-67.) 
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Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified England as modified, to include releasing a 
first keying material from a token communicatively coupled to the platform in response to 
authenticating the user. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified England as modified, by the teaching of Reardon . 
because releasing a first keying material from a token communicatively coupled to the 
platform in response to authenticating the user, would enhance the system security, because 
the token could be easily transported, like an ID card. The "key" to the data can therefore be 
stored away from the Data, as taught by Reardon (see column 2, lines 5 1-67.) 

As to claim 2, England as modified teaches the method further comprising: continuing 
the BIOS boot process (see England , column 1 1, hnes 54-63.) 

As to claim 3, England as modified teaches wherein prior to authenticating the user (see 
England, column 6, lines 9-23, and see column 7, lines 33-50), the method comprises: 

loading a BIOS code including a first BIOS area and a second BIOS area (see England , 
column 11, lines 30-63), the first BIOS area being an encrypted first segment of the BIOS 
code and the second BIOS area being an encrypted second segment of the BIOS code (see 
England , column 10, lines 4-13, and see column 16, lines 52-66.) 
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As to claim 4, England as modified teaches wherein after loading of the BIOS code, the 
method further comprises: 

decrypting the first BIOS area to recover the first segment of the BIOS code (see 
England , column 10, lines 41-51.) 

As to claim 5, England as modified teaches the method further comprising: 
unbinding keying material associated with a non-volatile storage device to access 
contents stored within the non- volatile storage device (see England , figure IB.) 

As to claim 6, England as modified still does not teach wherein the combination key is a 
value formed by performing an exclusive OR operation on both the first keying material and 
the second keying material. 

Adams et aK in another embodiment of his invention teaches wherein the combination 
key is a value formed by performing an exclusive OR operation on both the first keying 
material and the second keying material (see Abstract, and see column 3, line 59 through 
column 4, Hne 3.) 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified England as modified, to include wherein the 
combination key is a value formed by performing an exclusive OR operation on both the first 
keying material and the second keying material. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified England as modified, by the further teaching of Adams 
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et al . because wherein the combination key is a value formed by performing an exclusive OR 
operation on both the first keying material and the second keying material, would provide an 
effective way of combining keys in encryption and authentication environment. 

As to claim 7, England as modified teaches wherein authentication of the user is 
performed through biometrics (see Adams et al Abstract, and see column 2, lines 31-47.) 

As to claim 8, England as modified teaches wherein the second keying material is stored 
within internal memory of a trusted platform module (see England , Abstract; see column 15, 
lines 62-67, and column 16, lines 42-49.) 

As to claim 9, England as modified teaches wherein the second keying material is stored 
within a section of access-controlled system memory of the platform (see England , column 
19, lines 18-28, and see figure 10.) 

As to claim 10, England as modified teaches wherein prior to authenticating the user, the 
method comprises: 

loading a BIOS code including a first BIOS area (see England , column 1 1, lines 30-63) 
being a first segment of the BIOS code encrypted using a selected keying material (see 
England, column 10, lines 4-13, and see column 16, lines 52-66); and 

loading an integrity metric including a hash value of an identification information of the 
platform (see England, column 2, line 60 through column 3, line 30.) 
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As to claim 1 1, England as modified teaches wherein the identification information 
includes a serial number of an integrated circuit device employed within the platform (see 
England , column 18, lines 47-54.) 

4. Claims 12-21 are rejected under 35 U.S.C. 103(a) as being unpatentable over England (U.S. 
Patent No. 6,330,670) in view of Adams et al (U.S. Patent No. 6,363,485.) 

As to claim 12, England teaches an integrated circuit device (see column 5, lines 52-62) 
comprising: 

a boot block memory unit (see column 11, lines 26-47, and see figures 7A-7C); and 

a trusted platform module communicatively coupled to the boot block memory unit (see 
column 1 1, lines 48-53), and to decrypt a second BIOS area to recover a second segment of 
BIOS code (see column 7, lines 45-62.) 

England does not teach to produce a combination key by combining a first incoming 
keying material with a second keying material internally stored within the integrated circuit. 

Adams et al teaches a multi-factor biometric authentication device and method (see 
Abstract), in which he teaches to produce a combination key by combining a first incoming 
keying material with a second keying material internally stored within the integrated circuit 
(see Abstract, and see column 2, hnes 34-39, and see column 3, lines 10-17.) 

Therefore, it would have been obvious to a person having ordinary skill in the art at the 
time the invention was made to have modified England to include producing a combination 
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key by combining a first incoming keying material with a second keying material internally 
stored within the integrated circuit. 

It would have been obvious to a person having ordinary skill in the art at the time the 
invention was made to have modified England by the teaching of Adams et aK because 
producing a combination key by combining a first incoming keying material with a second 
keying material internally stored within the integrated circuit, would provide more security 
for user authentications and data access by users. 

As to claim 13, England as modified teaches wherein the boot block memory unit to load 
a BIOS code including a first BIOS area and a second BIOS area (see England , column 1 1, 
lines 30-63), the first BIOS area being an encrypted first segment of the BIOS code and the 
second BIOS area being an encrypted second segment of the BIOS code (see England , 
column 10, lines 4-13, and see column 16, lines 52-66.) 

As to claim 14, England as modified teaches wherein the trusted platform module to 
decrypt the first BIOS area to recover the first segment of the BIOS code (see England , 
column 10, lines 41-51.) 

As to claim 15, England teaches a platform (see column 52-62) comprising: 
an input/output control hub (ICH) (see column 6, lines 9-23); 

a non-volatile memory unit coupled to the ICH, the non-volatile memory unit including a 
BIOS code including a first BIOS area and a second BIOS area (see figure 1 A), the first 
BIOS area being an encrypted first segment of the BIOS code and the second BIOS area 
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being an encrypted second segment of the BIOS code (see column 10, lines 4-13, and see 
column 16, lines 52-66); 

For the remaining steps of this claim, the applicant is kindly directed to remarks and 
discussions made in claim 12 above. 

As to claim 16, England as modified teaches wherein the trusted platform module to 
further decrypt the first BIOS area to recover the first segment of the BIOS code in an non- 
encrypted format (see England , column 10, lines 41-51.) 

As to claim 17, England as modified teaches the platform further comprising a hard disk 
drive coupled to the ICH (see England , figure 1 A.) 

As to claims 18 and 21, England as modified teaches wherein the trusted platform 
module to fiarther unbind keying material associated with the hard disk drive to access 
contents stored within the hard disk drive (see England , figure IB.) 

As to claim 19, England teaches a program loaded into readable memory for execution by 
a trusted platform module of a platform (see column 5, lines 39-51.) For the remaining steps 
of this claim, the applicant is kindly directed to remarks and discussions made in claims 12 
and 15 above. 
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As to claim 20, England as modified teaches wherein the first BIOS area is the first 
segment of the BIOS code encrypted with a keying material (see England , column 10, Unes 
4-13, and see column 16, lines 52-66) and the second BIOS area is the second segment of the 
BIOS code encrypted with the combination key (see England , column 7, line 5 1 through 
column 8, line 6, and see column 13, lines 60-67.) 

Response to Arguments 
5, Applicant's arguments filed on 05-February-2004 with respect to the rejected claims in view 
of the cited references have been fully considered but they are moot in view of the new 
grounds for rejection. 



Conclusion 

6. Any inquiries concerning this communication or earlier communications from the examiner 
should be directed to Tony Mahmoudi whose telephone number is (703) 305-4887. The 
examiner can normally be reached on Mondays-Fridays from 08:00 am to 04:30 pm. 
If attempts to reach the examiner by telephone are unsuccessfiil, the examiner's 
supervisor, Dov Popovici, can be reached at (703) 305-3830. 



tm 

April 6, 2004 
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